PerkSpot: Save While You Shop
Version 36.0.1 View in Chrome Web Store
Last scanned: 1 day ago
| force re-scan
Extension Details
Developer:
perkspot.com
Rating:
4.9 ★
(31 ratings)
Size:
3.06MiB
Last Updated:
May 5, 2025
Users:
100,000
Developer Info:
PerkSpot320 W Ohio St Unit 1W
Chicago, IL 60654-7816
US
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension is developed by a legitimate company, PerkSpot, which is a employee perk and discount platform.
- It has a relatively high number of users (100,000) and a good rating (4.9/5), suggesting it is generally trusted by users.
- However, the broad permissions and high-risk findings raise some concerns.
Concerns:
- The extension requests several high-risk permissions (tabs, cookies, identity, webNavigation, clipboardWrite) that seem unnecessary for a shopping/discount extension.
- It has broad host permissions allowing access to all websites, which could enable tracking or data theft.
- The security findings indicate an overall critical risk level, with 6 high-risk and 1 medium-risk findings.
Recommendations:
- Exercise caution when using this extension, as the broad permissions and high-risk findings suggest potential security and privacy risks.
- Consider running the extension in a separate browser profile or incognito mode to isolate it from your main browsing activity.
- Monitor the extension's behavior and network activity for any suspicious activity.
- Contact the developer (PerkSpot) to inquire about the necessity of the broad permissions and address the security concerns.
- If the concerns cannot be satisfactorily addressed, consider uninstalling the extension and using alternative shopping/discount services.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 7 total findings, ranked without considering overall context, including 6 high-risk and 1 medium-risk findings.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: clipboardWrite
This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: identity
This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- tabs
- cookies
- identity
- webNavigation
- clipboardWrite
- *://*.perkspot.com/*
Host Permissions:
- *://*.perkspot.com/*
- *://*.perkspot.local/*
Embedded URLs (2120 total):
| http://www.w3.org/2000/svg | https://fontawesome.com | |
| https://fontawesome.com/license/free | https://getbootstrap.com/ | |
| https://github.com/twbs/bootstrap/blob/main/LICENSE | http://daneden.me/animate | |
| http://opensource.org/licenses/MIT | http://bit.ly/sp-js | |
| https://reactjs.org/docs/error-decoder.html?invariant= | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://bxfeedback.perkspot.com | https://com-perkspot-qa1.collector.snplow.net | |
| https://browserx.perkspot.local/pages/browserx | https://pslogin.perkspot.local/login?communityId=0 | |
| https://perkspot-api.perkspot.com | https://perkspot-api.perkspot.com/authapi/api | |
| https://c.perkspot.com | https://ps-prod-bxnotif-functionapp.azurewebsites.net/api | |
| https://browserx.perkspot.com/pages/browserx | https://pslogin.perkspot.com/login?communityId=0 | |
| https://signin.perkspot.com/bx/auth | https://perkspot-api-qa.perkspot.com | |
| https://perkspot-api.qa.perkspot.com/authapi/api | https://ps-qa-bxnotif-functionapp.azurewebsites.net/api | |
| https://login-qa.qa.perkspot.com/login?communityId=0 | https://signin.qa.perkspot.com/bx/auth | |
| https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/collections/perx-gift-circle.svg | https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/rewards/ps25b-gift_card_icon.svg | |
| https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/premiumperks/ps25b-premium-perks-check-filled.svg | https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/fmtc/globe-Icon.svg | |
| http://19crimes.com/ | http://BiOptimizers.com | |
| http://bubledon.com | http://cricut.com | |
| http://denbypottery.com/ | http://faithheart-jewelry.com/ | |
| http://hoka.com/en/us | http://katespadeoutlet.com/ | |
| http://lemero.com/ | http://marmot.com/ | |
| http://paintyourlife.com | http://sunnysports.com/ | |
| http://tjmaxx.tjx.com/store/index.jsp | http://www.abcya.com/ | |
| http://www.academy.com/ | http://www.ActionHeat.com | |
| http://www.att.com | http://www.basspro.com | |
| http://www.bearaby.com | http://www.bestbuy.com/ | |
| http://www.childrensplace.com/ | http://www.diviofficial.com/ | |
| http://www.ecampus.com/ | http://www.exofficio.com/ | |
| http://www.famousfootwear.com/ | http://www.fast-growing-trees.com | |
| http://www.finishline.com | http://www.fostergrant.com | |
| http://www.fragrancex.com/ | http://www.francosarto.com/ | |
| http://www.fredmeyerjewelers.com/ | http://www.ghbass.com/ | |
| http://www.herbspro.com/ | http://www.hickoryfarms.com/ | |
| http://www.homary.com | http://www.josbank.com | |
| http://www.keurig.com | http://www.kindercare.com | |
| http://www.knetbooks.com | http://www.kohls.com/ | |
| http://www.lifestride.com | http://www.maurices.com/ | |
| http://www.menswearhouse.com/ | http://www.michaelkors.com/ | |
| http://www.motivescosmetics.com/ | http://www.nationalcar.com | |
| http://www.neatapparel.com/ | http://www.needonelife.com/ | |
| http://www.qvc.com | http://www.rag-bone.com/ |
Page 1 of 27
Raw Manifest
{ "name": "PerkSpot: Save While You Shop", "icons": { "16": "img/ps-16.png", "48": "img/ps-48.png", "128": "img/ps-128.png" }, "action": { "default_popup": "index.html?psbxpopup=true" }, "version": "36.0.1", "background": { "type": "module", "scripts": [ "/static/js/background.js" ], "service_worker": "/static/js/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Take the savings from your employee discount program with you wherever you shop.", "permissions": [ "storage", "tabs", "cookies", "identity", "webNavigation", "clipboardWrite", "*://*.perkspot.com/*" ], "content_scripts": [ { "js": [ "/static/js/modals.js", "/static/js/extensions.js", "/static/js/standDown.js" ], "run_at": "document_end", "matches": [ "https://*/*", "http://*/*" ] }, { "js": [ "/static/js/serp.js" ], "css": [ "/static/css/serp.css" ], "run_at": "document_end", "matches": [ "https://*/search?*" ], "include_globs": [ "https://www.google.*/*" ] }, { "js": [ "/static/js/loginInterstitial.js" ], "run_at": "document_end", "matches": [ "https://signin.perkspot.com/bx/auth", "https://signin-dev.perkspot.com/bx/auth", "https://signin.qa.perkspot.com/bx/auth", "http://localhost/bx/auth" ] }, { "js": [ "/static/js/pscTokenWatcher.js" ], "run_at": "document_start", "matches": [ "https://*.perkspot.com/*", "https://*.perkspot.local/*" ] } ], "host_permissions": [ "*://*.perkspot.com/*", "*://*.perkspot.local/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "/static/media/*", "/static/css/*", "/img/ps-48.png", "/img/premium-perks-check.svg" ] } ], "browser_specific_settings": { "gecko": { "id": "{f1c5f3fd-070b-4925-baa4-3c957220b28f}", "strict_min_version": "120.0" } } }
Secure Annex (beta)
Coming soon...